Message-ID:

The biggest difference between time and space is that you can't reuse time. -- Merrick Furst

computers / news.software.nntp / Trouble with 'require_ssl' on INN 2.6.4

Trouble with 'require_ssl' on INN 2.6.4

<871r3ekj0k.fsf@disroot.org>

https://rocksolidbbs.com/computers/article-flat.php?id=342&group=news.software.nntp#342

copy link Newsgroups: news.software.nntp

Path: i2pn2.org!i2pn.org!aioe.org!RGoLtFm8/ZXwC8/qjyajYA.user.46.165.242.75.POSTED!not-for-mail
From: kitzman@disroot.org (kitzman)
Newsgroups: news.software.nntp
Subject: Trouble with 'require_ssl' on INN 2.6.4
Date: Wed, 17 Nov 2021 15:29:31 +0200
Organization: Aioe.org NNTP Server
Message-ID: <871r3ekj0k.fsf@disroot.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: gioia.aioe.org; logging-data="9905"; posting-host="RGoLtFm8/ZXwC8/qjyajYA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
X-Notice: Filtered by postfilter v. 0.9.2
Cancel-Lock: sha1:gXveFxVY3CcSKexqazika+xOCng=

by: kitzman - Wed, 17 Nov 2021 13:29 UTC

Hey everyone,

I'm quite new to NNTP and I set up INN to have my RSS feeds there. I
saw on INN's README.md that I can reach out here for questions. I would
be grateful is someone could lend me a hand.

Previously, I've used version 1.6.x, as it came with Debian, and, in
order to serve TLS connections, I've used stunnel.

Now I'm using 2.6.4 - and I configured it to serve TLS. However, my RSS
uploader is, at the end, just using sinntp, which is a lightweight
client. However, sinntp does not support TLS connections.

So, I configured in `readers.conf` to allow local traffic to use 119,
and also set `require_ssl: false` in the auth block. However, I still
get the "Encryption required" error :/ . From the logs I see that it
used the right auth and access group, and that the parsing worked.

Is there something wrong with my approach?

Quite excited though about using my LISP-powered Gwene and soon
Gmane. :) At the end I'll send a patch to the Alpine ports, with the INN
package.

Kind regards,
kizman

Re: Trouble with 'require_ssl' on INN 2.6.4

<sn8q1e$38sm9$1@news.trigofacile.com>

copy mid

https://rocksolidbbs.com/computers/article-flat.php?id=343&group=news.software.nntp#343

copy link Newsgroups: news.software.nntp

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.trigofacile.com!.POSTED.176-143-2-105.abo.bbox.fr!not-for-mail
From: iulius@nom-de-mon-site.com.invalid (Julien ÉLIE)
Newsgroups: news.software.nntp
Subject: Re: Trouble with 'require_ssl' on INN 2.6.4
Date: Fri, 19 Nov 2021 19:22:37 +0100
Organization: Groupes francophones par TrigoFACILE
Message-ID: <sn8q1e$38sm9$1@news.trigofacile.com>
References: <871r3ekj0k.fsf@disroot.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 19 Nov 2021 18:22:38 -0000 (UTC)
Injection-Info: news.trigofacile.com; posting-account="julien"; posting-host="176-143-2-105.abo.bbox.fr:176.143.2.105";
logging-data="3437257"; mail-complaints-to="abuse@trigofacile.com"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.3.0
Content-Language: fr
In-Reply-To: <871r3ekj0k.fsf@disroot.org>

by: Julien ÉLIE - Fri, 19 Nov 2021 18:22 UTC

Hi kitzman,

> Now I'm using 2.6.4 - and I configured it to serve TLS. However, my RSS
> uploader is, at the end, just using sinntp, which is a lightweight
> client. However, sinntp does not support TLS connections.
>
> So, I configured in `readers.conf` to allow local traffic to use 119,
> and also set `require_ssl: false` in the auth block. However, I still
> get the "Encryption required" error :/ . From the logs I see that it
> used the right auth and access group, and that the parsing worked.

Normally, you should not have to define port 119 in readers.conf.
Could you please copy/paste here your readers.conf file please? (with
possible IP and hostnames obfuscated if they should not be known)

Do you start a separate nnrpd on port 563 as explained in the last
section of:
https://www.eyrie.org/~eagle/software/inn/docs/checklist.html

Unencrypted traffic on port 119 is handled by innd. It will spawn nnrpd
itself.

readers.conf documentation with examples in the EXAMPLES section:
https://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html

--
Julien ÉLIE

« Dès que le silence se fait, les gens le meublent. » (Raymond Devos)

Subject	Author
Trouble with 'require_ssl' on INN 2.6.4	kitzman
Re: Trouble with 'require_ssl' on INN 2.6.4	Julien ÉLIE